Bug 137268

Summary: JSObject::put under operationPutByIdNonStrictBuildList crashes Web Inspector process on many pages
Product: WebKit
Reporter: Jonathan Wells <jonowells>
Component: JavaScriptCore
Assignee: Mark Lam <mark.lam>
Status: RESOLVED DUPLICATE
Severity: Normal
CC: fpizlo, ggaren, graouts, joepeck, mark.lam, oliver, timothy, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Description                    Flags
[SCREENSHOT] blank inspector   none
[LOG] crash log                none

Description Jonathan Wells 2014-09-30 14:23:34 PDT
To reliably reproduce (in ToT WebKit):

1. visit http://twitter.com
2. open the inspector
A blank inspector window opens.

You can also try:

1. visit any page with a few scripts on it
2. open the inspector, which should hopefully open correctly.
3. try to edit the documents, view timelines, or run scripts in the console until the inspector crashes
Comment 1 Radar WebKit Bug Importer 2014-09-30 14:23:45 PDT
<rdar://problem/18506181>
Comment 2 Jonathan Wells 2014-09-30 14:23:58 PDT
Created attachment 238961 [details]
[SCREENSHOT] blank inspector
Comment 3 Timothy Hatcher 2014-09-30 14:33:16 PDT
Can you attach the crash log?
Comment 4 Jonathan Wells 2014-09-30 14:51:40 PDT
Where can I find it? The crash dialog doesn't come up. I see this in the OS X console when the crash occurs:

9/30/14 2:48:06.902 PM com.apple.xpc.launchd[1]: (com.apple.ReportCrash[21640]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.ReportCrash
Comment 5 Timothy Hatcher 2014-09-30 14:58:04 PDT
~/Library/Logs/DiagnosticReports
Comment 6 Jonathan Wells 2014-09-30 15:08:57 PDT
Created attachment 238967 [details]
[LOG] crash log
Comment 7 Mark Lam 2014-10-17 18:43:59 PDT
I am not able to reproduce this with a build of r174798 (minus a workaround patch in r174749).

However, using my own repro steps for https://webkit.org/b/137340 to cause a crash, I see that I get the exact same symptoms of a blank WebInspector window if the WebInspector has been popped out into its own window. https://webkit.org/b/137340 is a bug that manifests in JS put bytecodes, similar to this bug. Hence, I am quite certain that this is a dup of https://webkit.org/b/137340, which has been fixed in http://trac.webkit.org/changeset/174856.

I'm closing this bug as a dup.  Please reopen it if you are able to reproduce it with r174856 or higher.

*** This bug has been marked as a duplicate of bug 137340 ***